Formbook Malware Used For Password Stealing In Targeted Systems

It seems that sophisticated hackers have changed the way they run cyber operations: rather than investing in zero-days and developing their own malware, some hacking groups have started to use off-the-shelf malware and scripts.

Perhaps this is a smart way for state-sponsored hackers to avoid being easily attributed.

Security researchers from several security companies, including Arbor Networks and FireEye, have independently discovered several malware campaigns targeting the aerospace, defense and manufacturing industries in several countries, including the United States, Thailand, South Korea and India.

What do they have in common? All of these hacking campaigns, conducted by various groups, end up installing the same information-stealing and password-stealing malware, called FormBook, on the targeted systems.

FormBook is nothing more than malware-as-a-service: an affordable information-stealing and form-grabbing malware that has been advertised on several hacking forums since early 2016.

Anyone can rent FormBook for only $29 a week or $59 a month, which buys a range of advanced spying capabilities on target machines, including a keylogger, a password stealer, a network sniffer, screenshot capture, a web form data stealer and much more.

According to the researchers, the attackers in each campaign mainly use email to distribute FormBook as attachments in various forms, including PDF files with malicious download links, DOC and XLS files with malicious macros, and archive files (ZIP, RAR and ISO) containing EXE payloads.
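As an added defender-side example (not code from the article or from the researchers it cites), the following Python triage routine flags the attachment shapes listed above: PDFs carrying URI or Launch actions, Office OOXML files carrying a vbaProject.bin macro part, and ZIP archives carrying a PE payload, run over constructed sample attachments. It assumes only ZIP archives are parsed (RAR and ISO would need extra libraries) and that legacy OLE2 .doc/.xls files are merely marked for macro inspection.

```python
import io
import zipfile

# Extensions and OOXML parts worth flagging in a mail-gateway triage step.
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".js", ".vbs")
OOXML_MACRO_PARTS = ("word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin")


def triage_attachment(name: str, data: bytes) -> list[str]:
    """Return indicator strings found in one attachment (empty list = nothing notable)."""
    findings = []
    if data.startswith(b"%PDF"):
        # A PDF with a URI or Launch action matches the "PDF with download link" lure.
        if b"/URI" in data:
            findings.append("pdf:uri-action")
        if b"/Launch" in data:
            findings.append("pdf:launch-action")
    if data.startswith(b"MZ"):
        findings.append("pe:executable")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = info.filename.lower()
                if member in OOXML_MACRO_PARTS:
                    findings.append(f"ooxml:macro:{info.filename}")
                if member.endswith(EXEC_EXTENSIONS):
                    findings.append(f"archive:exec-name:{info.filename}")
                with zf.open(info) as fh:  # check the member's own magic, not just its name
                    if fh.read(2) == b"MZ":
                        findings.append(f"archive:pe-payload:{info.filename}")
    if data.startswith(b"\xd0\xcf\x11\xe0") and name.lower().endswith((".doc", ".xls")):
        findings.append("ole2:inspect-for-macros")  # assumption: OLE2 is not parsed here
    return findings


def _zip_bytes(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


# Constructed sample attachments (not real samples from the campaigns).
SAMPLES = {
    "invoice.pdf": b"%PDF-1.4\n1 0 obj << /S /URI /URI (http://example.invalid/dl) >> endobj\n",
    "order.docm": _zip_bytes({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"\xd0\xcf\x11\xe0"}),
    "quote.zip": _zip_bytes({"quote.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60}),
    "report.txt": b"plain text, nothing notable",
}


def triage_all(samples=SAMPLES) -> dict[str, list[str]]:
    return {n: triage_attachment(n, d) for n, d in samples.items()}
```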

Once installed on a target system, the malware injects itself into multiple processes and begins capturing keystrokes and extracting stored passwords and other confidential data from multiple applications, such as Google Chrome, Firefox, Skype, Safari, Vivaldi, Q-360, Microsoft Outlook, Mozilla Thunderbird, 3D-FTP, FileZilla and WinSCP.

FormBook continually sends all stolen data to a remote command-and-control (C2) server, which also lets the attacker execute other commands on the target system, including starting processes, shutting down and restarting the system, and stealing cookies.

“One of the most exciting features of the malware is that it reads the Windows ntdll.dll module from disk into memory and directly calls its exported functions, making user-mode and API hooking mechanisms ineffective,” says FireEye.

Official Hacker is your news, tips and tricks website. We provide you with the latest hacking news and hacking tutorials straight from the cyber industry.